[SRX] How to revert to an earlier IDP Signature Attack Database using CLI


Article ID: KB23397 KB Last Updated: 18 Nov 2013 Version: 2.0
Summary:

This article explains how to revert to a previous IDP Signature Attack Database using the Command Line Interface.

For information on how to revert to a previous IDP Signature Attack Database from Security Director, see:

KB27835 - [Junos Space] How to revert to an earlier IDP Signature Attack Database using Security Director

Symptoms:

If problems are encountered after downloading the latest IDP Attack Database, a workaround is to revert to a previous, known working IDP Attack Database.


Solution:
Perform the following steps:
  1. Collect the IDP-related logs in case you need to open a case with your technical support representative. To collect the necessary information, refer to the article KB-21781 [SRX] Data Collection Checklist - Logs/data to collect for troubleshooting.

  2. Run the command to display your current Attack database version:
    root@> show security idp security-package-version
    Attack database version:2108(Thu Mar 29 12:47:45 2012)
    Detector version :12.6.160120213
    Policy template version :2108    
       
    Here 2108 indicates the version of the Attack database in use.
    Refer to your notes for the last known good Attack database version that you want to revert to.

  3. For this example, assume that problems began after the IDP attack database was updated to 2108.

  4. To revert to a previous version of the IDP Attack Database, run the command:
    root> request security idp security-package download version <version>
    where <version> is the version number of the IDP signature database (sigdb).
    For example, for version 2105:
    root> request security idp security-package download version 2105
    Then check the status:
    root@>request security idp security-package download status
    Done;Successfully downloaded from(https://services.netscreen.com/cgi-bin/index.cgi).
    Version info:2105(Thu Mar 26 12:30:49 2012, Detector=10.4.160101203)
    The above output indicates that the IDP attack database with version 2105 has been successfully downloaded.

  5. Now install the attack database:
    root@> request security idp security-package install
    It typically takes approximately 15 minutes to install the attack database. Once installed, the status can be checked as follows:
    root@> request security idp security-package install status
    Done;Attack DB update : successful - [UpdateNumber=2105,ExportDate=Thu Mar 26 12:32:49 2012,Detector=10.4.160101203]
    Updating control-plane with new detector : successful
    Updating data-plane with new attack or detector : not performed
    due to no existing running policy found.
    The above output indicates that the IDP attack database with version 2105 has been successfully installed.

    You can check the attack database version using the following command:
    root@>show security idp security-package-version
    Attack database version:2105(Mon Mar 26 12:35:38 2012)
    Detector version :10.4.160101203
    Policy template version :2

Note:
 If the previous version had an older detector, the detector will be reverted as well.
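
A check for the verification at the end of the procedure, as an added example that is not part of the original article or of Juniper's tooling: it parses the two outputs shown above and confirms that the running attack database and detector match the rollback target. The function names are hypothetical, and treating any plane result other than "successful" as a finding is an assumption of this example.

```python
import re

# Outputs copied from the steps above (CLI prompt lines omitted).
VERSION_OUTPUT = """\
Attack database version:2105(Mon Mar 26 12:35:38 2012)
Detector version :10.4.160101203
Policy template version :2
"""
INSTALL_STATUS = """\
Done;Attack DB update : successful - [UpdateNumber=2105,ExportDate=Thu Mar 26 12:32:49 2012,Detector=10.4.160101203]
Updating control-plane with new detector : successful
Updating data-plane with new attack or detector : not performed
due to no existing running policy found.
"""

def parse_version(text):
    """Return (attack_db_version, detector_version) from the security-package-version output."""
    db = re.search(r"Attack database version\s*:\s*(\d+)", text)
    det = re.search(r"Detector version\s*:\s*([\d.]+)", text)
    if not (db and det):
        raise ValueError("unrecognised security-package-version output")
    return int(db.group(1)), det.group(1)

def parse_install_status(text):
    """Return update result, version, detector and per-plane results from the install status."""
    m = re.search(r"Attack DB update\s*:\s*(\w+)\s*-\s*\[UpdateNumber=(\d+),.*?Detector=([\d.]+)\]", text)
    if not m:
        raise ValueError("install not finished or output not recognised")
    planes = {p: r.strip() for p, r in
              re.findall(r"Updating (control|data)-plane with [^:]*:\s*(.+)", text)}
    return {"result": m.group(1), "version": int(m.group(2)), "detector": m.group(3), **planes}

def check_rollback(target, version_text, status_text):
    """Return a list of findings; an empty list means the rollback is fully verified."""
    db, detector = parse_version(version_text)
    st = parse_install_status(status_text)
    findings = []
    if st["result"] != "successful" or st["version"] != target:
        findings.append(f"install status reports {st['result']} for version {st['version']}")
    if db != target:
        findings.append(f"running attack database is {db}, expected {target}")
    if detector != st["detector"]:
        findings.append(f"running detector {detector} differs from installed {st['detector']}")
    for plane in ("control", "data"):
        if st.get(plane) != "successful":
            findings.append(f"{plane}-plane update: {st.get(plane, 'missing')}")
    return findings

if __name__ == "__main__":
    print(check_rollback(2105, VERSION_OUTPUT, INSTALL_STATUS) or "rollback verified")
```

With the article's sample output the only finding is the data-plane line, which the device reports as not performed because no IDP policy was running.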

Refer to the Juniper Signature Updates RSS feed for more details on the signatures and detectors released with each sigdb version.
